User Authentication
This section lists and describes the methods supported for authenticating the HVR Hub Server user and HVR Agent user. Users typically represent people who interact with the HVR Hub and HVR Agent. Access to the HVR Hub and HVR Agent is managed through a system of user accounts and user permissions. In Fivetran HVR, a user account is a combination of username and password. It is required for authenticating a user in the HVR system.
You can set a specific authentication method for a user only while:
- creating a hub user from the browser (in the UI) or from the Command Line Interface (CLI) using the command hvruserconfig (option -A).
- creating an agent user from the browser (in the UI) or from the CLI using the command hvragentuserconfig (option -A).
The following user authentication methods are available in HVR:
Kerberos
The user is authenticated using the Kerberos authentication method. To use this authentication method, Kerberos must already be configured on the user's machine/network.
This authentication method is applicable only for authenticating the agent user on Linux and Solaris systems. Moreover, this authentication is supported only when the HVR Hub Server is running on Linux.
Local
The user is authenticated using the username and password of a local user. In this authentication method, HVR creates the user account locally in the HVR system and stores it in the repository database of the HVR Hub Server.
PAM
The user is authenticated using the username and password of a user available in the Pluggable Authentication Module (PAM). To use this authentication method, PAM must already be configured on the user's machine/network. In this authentication method, HVR uses the PAM authentication service to authenticate a user on Linux and Unix systems. PAM is a login/password authentication service used to validate user credentials on Linux and Unix systems as an alternative to regular username/password authentication, e.g. checking the /etc/passwd file.
The default PAM authentication service used is login. To use a different PAM service, you must configure the PAM Authentication Settings from the UI or from the CLI. For more information about changing the default PAM service, see:
- For hub user, from browser or from CLI using the command hvrreposconfig.
- For agent user, from browser or from CLI using the command hvragentconfig.
This authentication method is applicable only for authenticating the HVR hub or agent user on Linux and Unix systems.
Plugin
The user is authenticated using a custom authentication plugin.
HVR allows you to supply your own plugin for authenticating users. The custom plugin file must be named hvrauth and saved in the HVR_CONFIG/plugin/authentication/ directory. An example of a custom authentication plugin can be found in the HVR_HOME/plugin_examples/authentication/ directory.
The plugin must follow these simple calling conventions:
- It should read a two-line input that contains a username and password.
- It should exit with code 0 if the username and password are valid. Otherwise, it should exit with code 1.
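A plugin that follows these conventions, as an added example (it is not the sample shipped in HVR_HOME/plugin_examples/authentication/). It assumes the two lines arrive on standard input; the user name, password, salt and in-code credential table are constructed for illustration.

```python
#!/usr/bin/env python3
"""Added example of an hvrauth plugin: two-line input -> exit code 0 or 1."""
import hashlib
import hmac
import sys

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed sample store: username -> (salt, PBKDF2-SHA256 digest).
# Hypothetical; a real plugin would load this from a file that only the
# HVR operating-system user can read, and would never keep plaintext passwords.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"hvr_demo": (_SALT, hash_password("constructed-sample-pass", _SALT))}
_DUMMY = (_SALT, hash_password("", _SALT))  # hashed for unknown users to even out timing


def parse_input(text: str):
    """Return (username, password), or None unless the input is exactly two non-empty lines."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece left by a trailing newline
    if len(lines) != 2:
        return None
    user, password = (line.rstrip("\r") for line in lines)
    if not user or not password:
        return None
    return user, password


def check(text: str) -> int:
    """Return the exit code: 0 for valid credentials, 1 for anything else."""
    parsed = parse_input(text)
    if parsed is None:
        return 1
    user, password = parsed
    salt, expected = USERS.get(user, _DUMMY)
    # Constant-time comparison; the password is hashed even for unknown users.
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    return 0 if (matches and user in USERS) else 1


if __name__ == "__main__":
    # An unhandled exception also ends the process with a non-zero status,
    # so errors reject the login rather than accept it.
    sys.exit(check(sys.stdin.read()))
```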
Windows
The user is authenticated using the username and password of a Windows user available in the Active Directory (AD). In this authentication method, HVR uses the Windows user account to authenticate a user.
This authentication method is applicable only for authenticating the HVR hub or agent user on Windows systems.